Patent References
Cryptographic file security for single domain networks
Protected software access control apparatus and method
Method for utilizing an encrypted key as a key identifier in a data packet in a computer network
System and method for secure initial program load for diskless workstations
Patent #: 5349643

Inventors
Application No. 235578 filed on 04/29/1994

US Classes:
713/155, Central trusted authority provides computer authentication
380/277, KEY MANAGEMENT

Examiners
Primary: Cain, David

Attorney, Agent or Firm

International Class
H04K 001/00

Abstract
A computing system is described having an automated management system for managing keys to encrypt and decrypt stored data on the computing system. The computing system has an authentication server; a key client; a key generator; a key server; a key database; and an encrypted data file memory. The authentication server authenticates the user and in response to the user accessing the computing system the authentication server provides the user with a ticket validating the user. The key client of a creating user when creating a data file invokes the generator to generate a key corresponding to the data file. The key is provided to the key server and the key client uses the key to encrypt the data file which is stored in the encrypted data file memory. The key client of an accessing user sends its ticket and data file identification data to the key server. The key server checks the ticket and sends the key corresponding to the data file to the key client of the accessing user. The key client of the accessing user uses the key to decrypt the encrypted data file. The stored data can further include a header containing the key and owner and permitted user identification data. The ticket can contain a key to encrypt messages sent between the client server and key client.

Other References
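The ticket-checked key release described in the abstract can be sketched as follows. This is an added example, not code from the patent: the ticket format (user|expiry|HMAC), the permitted-user list held by the key server, and all function and class names are assumptions, and the SHA-256 keystream is a stand-in cipher used only so the sketch runs with the standard library.

```python
import hashlib, hmac, os, time

def _tag(secret, body):
    return hmac.new(secret, body, hashlib.sha256).hexdigest().encode()

def issue_ticket(secret, user, lifetime=300):
    """Authentication server: ticket = user|expiry|HMAC (format is an assumption)."""
    body = f"{user}|{int(time.time()) + lifetime}".encode()
    return body + b"|" + _tag(secret, body)

class KeyServer:
    def __init__(self, secret):
        self._secret = secret   # shared with the authentication server
        self._db = {}           # key database: file_id -> (key, permitted users)
    def _check(self, ticket):
        body, _, tag = ticket.rpartition(b"|")
        if not hmac.compare_digest(tag, _tag(self._secret, body)):
            raise PermissionError("ticket failed verification")
        user, _, expiry = body.decode().rpartition("|")
        if int(expiry) < time.time():
            raise PermissionError("ticket expired")
        return user
    def register(self, ticket, file_id, key, permitted):
        owner = self._check(ticket)
        if file_id in self._db:  # never let a second caller replace a stored key
            raise PermissionError("file id already registered")
        self._db[file_id] = (key, set(permitted) | {owner})
    def fetch(self, ticket, file_id):
        user = self._check(ticket)
        key, permitted = self._db[file_id]
        if user not in permitted:  # permitted-user check is an assumption
            raise PermissionError("user not permitted for this file")
        return key

def _xor_stream(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream); use an AEAD such as AES-GCM in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def create_file(server, ticket, file_id, plaintext, permitted=()):
    key, nonce = os.urandom(32), os.urandom(16)   # key generator
    server.register(ticket, file_id, key, permitted)
    return nonce + _xor_stream(key, nonce, plaintext)

def open_file(server, ticket, file_id, blob):
    return _xor_stream(server.fetch(ticket, file_id), blob[:16], blob[16:])
```

The key never travels with the encrypted file in this sketch, so the key server's ticket check is the single point at which access is granted or refused.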